Clients represent applications that can request tokens from your IdentityServer.

The details vary, but you typically define the following common settings for a client:

a unique client ID

a secret if needed

the allowed interactions with the token service (called a grant type)

a network location where the identity and/or access token gets sent (called a redirect URI)

a list of scopes (aka resources) the client is allowed to access

Note

At runtime, clients are retrieved via an implementation of the IClientStore. This allows loading them from arbitrary data sources like config files or databases. For this document we will use the in-memory version of the client store. You can wire up the in-memory store in ConfigureServices via the AddInMemoryClients extension method.
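The following is an added example, not code from the original documentation: it maps each of the settings listed above onto a Client and registers it with the in-memory store. The Config class, the client ID, the secret, the redirect URI and the "api1" scope are constructed placeholders, and the resource registration assumes an IdentityServer4 version that still uses AddInMemoryApiResources for API scopes.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.Extensions.DependencyInjection;

public static class Config   // hypothetical helper class
{
    // Constructed sample client; every value below is a placeholder.
    public static IEnumerable<Client> GetClients() => new List<Client>
    {
        new Client
        {
            // unique client ID
            ClientId = "mvc.sample",
            // secret: the store holds only the SHA-256 hash, not the plaintext
            ClientSecrets = { new Secret("replace-with-generated-secret".Sha256()) },
            // allowed interaction with the token service (grant type)
            AllowedGrantTypes = GrantTypes.Hybrid,
            // redirect URI: responses go only to a URI that matches exactly
            RedirectUris = { "https://app.example.com/signin-oidc" },
            // scopes the client may request; a request for any other scope fails
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api1"
            },
            // must be enabled before the client can obtain refresh tokens
            AllowOfflineAccess = true
        }
    };
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()   // development only
            // scopes named in AllowedScopes must also exist as resources
            .AddInMemoryIdentityResources(new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            })
            .AddInMemoryApiResources(new[] { new ApiResource("api1", "Sample API") })
            .AddInMemoryClients(Config.GetClients());
    }
}
```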

Interactive server-side (or native desktop/mobile) applications use the hybrid flow.
This flow gives you the best security because the access tokens are transmitted via back-channel calls only (and gives you access to refresh tokens):